This CommonMark file demonstrates some potential exploits if untrusted input is rendered with a compliant renderer. The point of this file isn't to say that CommonMark is unsafe --- the features below are very useful in many situations and are worth having in the CommonMark spec --- but that it is not safe to give untrusted input to CommonMark renderers without taking precautions.
Github doesn't render gists using CommonMark, so they won't appear as exploits below. Look at the source of this gist for the actual CommonMark.
This link will execute a script.
This one linkrefjs defined by a linkref will also.
Same with URL autolinks javascript:alert(window). (Email autolinks might be considered unsafe too since they will typically launch an external application.)
Raw HTML blocks can be used to insert links and on any tag arbitrary attributes that can inject scripting:
Script tags:
<script>alert("yes this ran");</script>Style tags:
<style>body { margin: 5em; }</style>and any other tag. They can also appear <script>document.write('inline');</script>.
Images that pull remote content could be used by an attacker to sniff who is rendering the content:
and could also trigger logouts or other actions on sites that have CSRF vulnerabilities.
Image tags can also embed unsafe content, here a data URL holding an SVG image that uses inline scripting:
(One must also wonder if the embedded XML leads to other vulnerabilities, since XML processing often has network-related unintended consequences.)
Raw HTML can also render XHTML processing instructions, doctypes, and comments which while not generally unsafe could potentially trigger special behavior:
And finally fenced code blocks can cause the insertion of an abitrary CSS tag, generally prefixed by language-, but this is implementation dependent, so it may or may not be safe.
generates <code class="language-ruby">...